The Same Russians Who Hacked Clinton Are Targeting Biden

Microsoft says that the same group of cyber criminals from Russia that attempted to interfere in the 2016 US election is trying to break into email accounts belonging to staff members from across the political spectrum.

Other hackers from China and Iran are also attempting to spy on the presidential campaigns of Donald Trump and Joe Biden, according to Microsoft. 

The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently warned that foreign groups and other malicious actors online are spreading disinformation around potential cyber attacks on US election infrastructure. “During the 2020 election season, foreign actors and cyber criminals are spreading false and inconsistent information through various online platforms in an attempt to manipulate public opinion, discredit the electoral process, and undermine confidence in US democratic institutions,” the agencies wrote.

Officials with the Department of Homeland Security and US intelligence have been saying for years that Russia and other nations will try to use hacking and disinformation to undermine the 2020 contest. This would be similar to the last presidential race, when they leaked reams of embarrassing information about Democratic nominee Hillary Clinton in an effort to help Donald Trump. Then the agencies warned that US voter information is widely available through avenues other than illegal hacking, and that access to voter information had not impacted election results.

Hackers targeted staff at Washington DC firm SKDKnickerbocker, a campaign strategy and communications firm working with Biden. Microsoft identified the suspected hacking group as the same set of spies blamed by the US government for breaking into the campaign of Democratic former presidential candidate Hillary Clinton and leaking the emails of her staff, two of the sources said.

The group, which many researchers refer to as “Fancy Bear,” is controlled by Russia’s military intelligence agency, according to reports from the US intelligence community released after the 2016 election. A person familiar with SKDK’s response to the attempts said the hackers failed to gain access to the firm’s networks. “They are well-defended, so there has been no breach,” the person said.

US intelligence agencies have raised alarms about possible efforts by foreign governments to interfere in the November presidential election.

Investigations by former special counsel Robert Mueller and the Senate intelligence committee both concluded that affiliates of the Russian government interfered in the 2016 presidential election to try to help Republican Donald Trump get elected. Mueller has warned that Russia was meddling in the current campaign. The Biden campaign said it was aware Microsoft said

One of the sources familiar with the incident told the Washington Post that it was not clear whether Biden’s campaign was the target or whether the hackers were attempting to gain access to information about other SKDK clients.

The attempts to infiltrate SKDK were recently flagged to the campaign firm by Microsoft, which identified hackers tied to the Russian government as the likely culprits, according to the three sources briefed on the matter. The attacks included phishing, a hacking method which seeks to trick users into disclosing passwords, as well as other efforts to infiltrate SKDK’s network, the three sources said.

Microsoft believes Fancy Bear is behind the attacks based on an analysis of the group’s hacking techniques and network infrastructure, one of the sources said.

The company, which has extraordinary visibility on digital threats via its widely used Windows operating system and cloud services, has taken an increasingly active role in calling out state-backed cyber espionage. In 2018, the company launched its Defending Democracy initiative, aimed in part at safeguarding campaigns from hackers.

It is thought that Iran tried to hack into Gmail accounts used by President Trump’s reelection campaign staff and that China has tried to hack staff for former vice president Joe Biden, the Democratic presidential candidate.

These nation state-backed hacking campaigns are likely to be just the beginning of a general election campaign that will be ripe for disruption by US adversaries. The kinds of disinformation campaigns being pushed heavily by bots take a variety of forms, including false information about voting logistics like date, place, or fake voting requirements.

Reuters, Washington Post, NPR, Sky, The Hill, TechRepublic
